An AOS-Switch enforces 802.1X. It receives an Access-Accept with this HPE VSA from its Radius server:
Attribute Name and ID = HPE-User-Role (25) Value = contractor
The switch then rejects the client. What is one requirement for the switch to accept the message and authorize the client? role.
B. User role authorization must be enabled globally on the switch. name.
D. The RADIUS server settings must permit dynamic authorization.
To ensure that the switch accepts the Access-Accept message with the HPE-User-Role value, user role authorization must be enabled globally on the switch. This setting permits the switch to correctly interpret and enforce role-based access based on the attributes received from the RADIUS server. Without enabling user role authorization globally, the switch cannot process the role assignment and will reject the client.
B is the answer.
The role needs to exist on the swith or download it from ClearPass
A. The initial user role must be set to the factory default permit any role. B. User role authorization must be enabled globally on the switch. C. An aaa authentication local user group must have the contractor name. D. The RADIUS server settings must permit dynamic authorization.